Hi there

I just learnt about graylog2 yesterday: what a revelation! The developers have done a WONDERFUL job. I have our central syslog server forwarding 1000+ syslog records/sec into a single virtual CentOS7 server and it's humming along. Obviously not much data in it yet, but so far I'm stunned :-)

Anyway, I had a few gotchas during the process and I thought I'd feed them back.

First off, anyone wanting to do CentOS/Redhat based installs really needs to read this howto on ITzGeek - it really helped:

http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-install-graylog2-on-centos-7-rhel-7.html

Secondly, we have multiple AD forests, so people should be aware that is not an environment conducive to LDAP. LDAP is all about "one" LDAP - and forests can have many LDAP "domains" even within one forest. So my hint in this case is that you can get graylog to support a single forest by configuring LDAP to point at a top-forest level Global Catalog server (ldap port=3268 - ldaps=3269) - as that "flattens" all the child domains into one namespace - then all the users in that forest can log in, instead of just those in one domain.

As far as handling multiple forests - you can't. That would require graylog to support multiple LDAP connectors. I'd rather see graylog gain SAML support - as we've already been through the exercise of "flattening" all our forests for SAML - so I'd rather just reuse that ;-)

Thanks again for all the hard work

Jason